October 23, 2023 at 10:02AM
The Federal Trade Commission (FTC) and the National Association of Insurance Commissioners (NAIC) have emphasized the importance of cyber insurance as a way to protect against cyberattacks. However, simply suggesting cyber insurance is not enough. The government should ensure its availability and affordability, particularly for small businesses. Businesses should also take proactive cybersecurity measures in addition to having insurance. The cost of cyber insurance has been increasing, and it may not cover all types of security breaches. The government can help by promoting standardized policies that are easy to compare, offering incentives for purchasing insurance, and subsidizing policy costs. Government outreach and regulation can also encourage businesses to prioritize cybersecurity.
From the meeting notes, it is clear that the Federal Trade Commission (FTC) and the National Association of Insurance Commissioners (NAIC) have suggested that companies consider cyber insurance as a means of resilience against cyberattacks. However, it is mentioned that merely suggesting cyber insurance is not enough and that the government must ensure its availability and affordability, especially for small businesses. The notes also emphasize that cyber insurance is not a comprehensive solution to all cybersecurity challenges and that businesses should take proactive cybersecurity measures.
The meeting notes highlight the increasing costs of cyber insurance premiums, with a growth of 61% in 2021 alone. Some businesses are finding it difficult to obtain or renew policies. It is also mentioned that cyber insurance policies have limitations in terms of coverage, including exclusions for certain types of security breaches. Inexperienced buyers may not be aware of these limitations.
To help increase and expedite cyber insurance adoption, it is suggested that government agencies implement a holistic approach that supports businesses’ use of proactive cybersecurity measures, provides education, and encourages industry and policy cost subsidization. Standardization of cyber insurance policies can also aid consumers and brokers in evaluating policies. Government subsidies and incentives, such as tax credits, can help promote cyber insurance uptake. The government can also create a backstop fund to cover catastrophic cyber incidents and incidents caused by state actors. Government outreach and education to businesses are also recommended to promote good cybersecurity practices.
To increase market efficiency, regulators can ensure that policies provide the implied coverage and facilitate competition by developing curriculum and licensing practices targeted at cyber insurance providers and resellers.
Overall, the meeting notes highlight the importance of cyber insurance as a risk management tool but also emphasize the need for proactive cybersecurity measures and government support to ensure its availability, affordability, and effectiveness.